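<?php
/*
 * getReportRecord endpoint.
 *
 * Reads a POST with `token`, `id`, `type` and the optional `start` / `end`
 * fields, looks up one row of `report_record` and echoes its `data` column
 * as JSON. Every failure path writes {"status":"error","errMsg":...} and
 * terminates the script.
 *
 * Project helpers come from the two includes below: is_attack() and canDo()
 * from canDo.php, LinkDB() from DB.php. Their exact contracts are not visible
 * in this file; the code only relies on canDo() returning an array with
 * 'status' and 'errMsg' keys and on LinkDB() returning a mysqli link or a
 * falsy value on failure.
 *
 * All request values reach MySQL through bound parameters of a prepared
 * statement; is_attack() is kept as the project's own pre-filter, but it is
 * no longer what keeps user input out of the SQL text.
 */
header("Content-Type: text/html;charset=utf-8"); // body is JSON, header kept for existing clients
// Any origin may call this endpoint; the only access control is the token check below.
header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Methods:POST');
header('Access-Control-Allow-Headers:x-requested-with,content-type');

include('../system/canDo.php');
include('../system/DB.php');

/**
 * Write an error envelope and stop the script.
 *
 * @param string $errMsg human-readable reason sent to the client
 */
function getReportRecordFail(string $errMsg)
{
    exit(json_encode(array("status" => "error", "errMsg" => $errMsg)));
}

/**
 * Fetch one POST field.
 *
 * @param string $name POST key
 * @return string|null the value when it is present, a plain string and not
 *                     flagged by is_attack(); null otherwise (absent, an
 *                     array, or flagged). Callers decide how to treat null.
 */
function getReportRecordParam(string $name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return null;
    }
    $value = $_POST[$name];
    return is_attack($value) ? null : $value;
}

// --- authentication -------------------------------------------------------
$token = getReportRecordParam('token');
if ($token === null) {
    getReportRecordFail('Token Unavailable');
}

$conn = LinkDB();
if (!$conn) {
    // $conn is not a link here, so mysqli_error($conn) cannot be used;
    // the connect-phase error is read from the global connect state instead.
    getReportRecordFail('Mysql Error: ' . (string) mysqli_connect_error());
}

$do = canDo($token, 'getReportRecord', $conn);
if ($do['status'] !== 'success') {
    mysqli_close($conn);
    getReportRecordFail($do['errMsg']);
}

// --- parameters -----------------------------------------------------------
$id = getReportRecordParam('id');
$type = getReportRecordParam('type');
if ($id === null || $type === null) {
    mysqli_close($conn);
    getReportRecordFail('Param Illegal');
}

// start / end are optional: missing or flagged values fall back to "not set".
$start = getReportRecordParam('start') ?? '';
$end = getReportRecordParam('end') ?? '';

// --- query ----------------------------------------------------------------
// $sql holds only placeholders; $types / $params are the matching
// mysqli_stmt_bind_param() type string and values.
if ($id !== '') {
    // `id` is compared as an integer column, so a non-integer value is
    // rejected up front instead of being handed to MySQL.
    $idValue = filter_var($id, FILTER_VALIDATE_INT);
    if ($idValue === false) {
        mysqli_close($conn);
        getReportRecordFail('Param Illegal');
    }
    $sql = 'SELECT data FROM `report_record` WHERE `id` = ?';
    $types = 'i';
    $params = array($idValue);
} else {
    $sql = 'SELECT data FROM `report_record` WHERE ';
    $types = '';
    $params = array();
    if ($start !== '') {
        $sql .= '`start` = ? AND ';
        $types .= 's';
        $params[] = $start;
    }
    if ($end !== '') {
        $sql .= '`end` = ? AND ';
        $types .= 's';
        $params[] = $end;
    }
    $sql .= '`type` = ?';
    $types .= 's';
    $params[] = $type;
}

$stmt = mysqli_prepare($conn, $sql);
if (!$stmt) {
    $err = mysqli_error($conn);
    mysqli_close($conn);
    getReportRecordFail('Mysql Error: ' . $err);
}

mysqli_stmt_bind_param($stmt, $types, ...$params);
if (!mysqli_stmt_execute($stmt)) {
    $err = mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($conn);
    getReportRecordFail('Mysql Error: ' . $err);
}

// Buffer the result before binding so a long TEXT/BLOB `data` value is
// delivered in full rather than truncated on fetch.
mysqli_stmt_store_result($stmt);
$data = null;
mysqli_stmt_bind_result($stmt, $data);

if (mysqli_stmt_fetch($stmt)) {
    // Same shape the previous mysqli_fetch_array() output had: the column
    // under both its numeric and its named key, plus the status flag.
    echo json_encode(array(0 => $data, "data" => $data, "status" => "success"));
} else {
    echo json_encode(array("status" => "error", "errMsg" => "Empty Result"));
}

mysqli_stmt_close($stmt);
mysqli_close($conn);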